| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ef480c8f83780eea4ff8fdcd35c6208760b5e1d7.camel@linux.ibm.com>
Date: Thu, 08 Jul 2021 21:10:47 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Eric Snowberg <eric.snowberg@...cle.com>
Cc: keyrings@...r.kernel.org,
linux-integrity <linux-integrity@...r.kernel.org>,
David Howells <dhowells@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>,
Jarkko Sakkinen <jarkko@...nel.org>,
James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>, keescook@...omium.org,
gregkh@...uxfoundation.org, torvalds@...ux-foundation.org,
scott.branden@...adcom.com, weiyongjun1@...wei.com,
nayna@...ux.ibm.com, ebiggers@...gle.com, ardb@...nel.org,
nramas@...ux.microsoft.com, lszubowi@...hat.com,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
James.Bottomley@...senPartnership.com, pjones@...hat.com,
glin@...e.com, "konrad.wilk@...cle.com" <konrad.wilk@...cle.com>
Subject: Re: [PATCH RFC 00/12] Enroll kernel keys thru MOK
On Thu, 2021-07-08 at 17:17 -0600, Eric Snowberg wrote:
> > Once all the CA keys in the MOK db are loaded onto the MOK keyring,
>
> To avoid confusion with the new keyring name, would it be more appropriate
> to change what we are calling the .mok keyring to the .trusted_platform
> keyring instead? Or just leave it as .mok?
Definitely not ".trusted_platform" keyring, as it would be too
confusing with the existing "trusted" key type [1]. At least for now,
leave it as ".mok".
thanks,
Mimi
[1] Documentation/security/keys/trusted-encrypted.rst
Powered by blists - more mailing lists